Forrester's Security & Risk Spotlight -- Don't Let Cloud Go Over Your Head

Underestimating or neglecting the necessary security practices that a cloud requires can lead to hacks, breaches, and horrendous data leaks.

Share

Once a month I use my blog to highlight some of S&R’s latest and greatest. The cloud is attractive for many reasons -- the possibility of working from home, the vast array of performance and analytical capabilities available, knowing that your backups are safe from that fateful coffee spill, etc.

Although the cloud is not a new concept, the security essentials behind it unfortunately remain a mystery to practically all users. What’s worse, the security professionals tasked with protecting corporate data rarely have visibility into all the risk -- it’s simply too easy for users to make critical cloud decisions without process or oversight.   

Underestimating or neglecting the necessary security practices that a cloud requires can lead to hacks, breaches, and horrendous data leaks. We’ve seen our fair share of security embarrassments that range from Hollywood execs to the US government, and S&R pros know that these are far from done.

Forrester understands the cost of these events and has written numerous reports to help you protect your company’s cloud environments. In addition to the S&R Practice Playbook that focuses on bettering your security practice in its entirety, we’ve zoned in on cloud security solutions specifically that will help prevent you from having to make the next international apology:

  • Choose the right cloud platform. There are many options now that the popularity of cloud has soared, but in order to get the proper protection, you need to do your research. S&R experts Andras Cser and Ed Ferrara have done the hard work for you. This winter, they evaluated the top vendors in the marketplace in The Forrester Wave™: Public Cloud Platform Service Providers' Security, Q4 2014. These vendors include: AWS, CenturyLink Cloud, IBM SoftLayer, and Microsoft Azure.  Be sure to check out the full report to see how the vendors stacked up against each other.
  • Treat your company’s data like gold, even in the cloud. This data can range from your customers’ social security card numbers or your company’s latest product specs. You don’t want weak cloud security to be the reason this data is now circulating the black market. Andras to the rescue, again. Check out his recent Market Overview: Cloud Data Protection Solutions to get the full scoop on available solutions.
  • Don’t shy away from automation when picking a cloud workload security management solution. Andras makes this especially clear and provides you with many viable options in his Market Overview: Cloud Workload Security Management Solutions — Automate Or Die.

He analysed each option for:

  1. IaaS platform support
  2. malware protection 
  3. host-based firewalls
  4. log inspection
  5. intrusion detection and prevention (IDS/IPS) 
  6. configuration management and file integrity monitoring
  7. virtualisation support. Follow the hyperlink to see a more in-depth look at the vendors.#

If your organisation doesn’t follow the necessary security steps, then you may very well be the next victim. However, even taking all of these precautions doesn’t guarantee you a smooth ride. When it comes to cloud security, don’t underestimate the risk, and be sure to have a backup plan for your backup plan. The cloud is more than a convenience -- it has the magical ability to be expected, demanded, and misunderstood by everyone at your organisation. Take the time to educate yourself and your business so that you’re all ready to weather the storm.

Posted by Stephanie Balaouras

"Recommended For You"

Forrester’s Security & Risk Research Spotlight – The IAM Playbook For 2015 Cloud-native identity management is suddenly looking like a winner